import * as pulumi from "@pulumi/pulumi";
/**
 * Authoritatively manages the access control list (ACL) for an object in a Google
 * Cloud Storage (GCS) bucket. Removing a `gcp.storage.ObjectACL` sets the
 * acl to the `private` [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl).
 *
 * For more information see
 * [the official documentation](https://cloud.google.com/storage/docs/access-control/lists)
 * and
 * [API](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls).
 *
 * > Want fine-grained control over object ACLs? Use `gcp.storage.ObjectAccessControl` to control individual
 * role entity pairs.
 *
 * ## Example Usage
 *
 * Create an object ACL with one owner and one reader.
 *
 * ```typescript
 * import * as pulumi from "@pulumi/pulumi";
 * import * as gcp from "@pulumi/gcp";
 *
 * const image_store = new gcp.storage.Bucket("image-store", {
 *     name: "image-store-bucket",
 *     location: "EU",
 * });
 * const image = new gcp.storage.BucketObject("image", {
 *     name: "image1",
 *     bucket: image_store.name,
 *     source: new pulumi.asset.FileAsset("image1.jpg"),
 * });
 * const image_store_acl = new gcp.storage.ObjectACL("image-store-acl", {
 *     bucket: image_store.name,
 *     object: image.outputName,
 *     roleEntities: [
 *         "OWNER:user-my.email@gmail.com",
 *         "READER:group-mygroup",
 *     ],
 * });
 * ```
 *
 * ## Import
 *
 * This resource does not support import.
 */
export declare class ObjectACL extends pulumi.CustomResource {
    /**
     * Get an existing ObjectACL resource's state with the given name, ID, and optional extra
     * properties used to qualify the lookup.
     *
     * @param name The _unique_ name of the resulting resource.
     * @param id The _unique_ provider ID of the resource to lookup.
     * @param state Any extra arguments used during the lookup.
     * @param opts Optional settings to control the behavior of the CustomResource.
     */
    static get(name: string, id: pulumi.Input<pulumi.ID>, state?: ObjectACLState, opts?: pulumi.CustomResourceOptions): ObjectACL;
    /**
     * Returns true if the given object is an instance of ObjectACL.  This is designed to work even
     * when multiple copies of the Pulumi SDK have been loaded into the same process.
     */
    static isInstance(obj: any): obj is ObjectACL;
    /**
     * The name of the bucket the object is stored in.
     */
    readonly bucket: pulumi.Output<string>;
    /**
     * The name of the object to apply the acl to.
     *
     * - - -
     */
    readonly object: pulumi.Output<string>;
    /**
     * The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntity` is not.
     */
    readonly predefinedAcl: pulumi.Output<string | undefined>;
    /**
     * List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details.
     * Must be set if `predefinedAcl` is not.
     */
    readonly roleEntities: pulumi.Output<string[]>;
    /**
     * Create a ObjectACL resource with the given unique name, arguments, and options.
     *
     * @param name The _unique_ name of the resource.
     * @param args The arguments to use to populate this resource's properties.
     * @param opts A bag of options that control this resource's behavior.
     */
    constructor(name: string, args: ObjectACLArgs, opts?: pulumi.CustomResourceOptions);
}
/**
 * Input properties used for looking up and filtering ObjectACL resources.
 */
export interface ObjectACLState {
    /**
     * The name of the bucket the object is stored in.
     */
    bucket?: pulumi.Input<string>;
    /**
     * The name of the object to apply the acl to.
     *
     * - - -
     */
    object?: pulumi.Input<string>;
    /**
     * The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntity` is not.
     */
    predefinedAcl?: pulumi.Input<string>;
    /**
     * List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details.
     * Must be set if `predefinedAcl` is not.
     */
    roleEntities?: pulumi.Input<pulumi.Input<string>[]>;
}
/**
 * The set of arguments for constructing a ObjectACL resource.
 */
export interface ObjectACLArgs {
    /**
     * The name of the bucket the object is stored in.
     */
    bucket: pulumi.Input<string>;
    /**
     * The name of the object to apply the acl to.
     *
     * - - -
     */
    object: pulumi.Input<string>;
    /**
     * The "canned" [predefined ACL](https://cloud.google.com/storage/docs/access-control#predefined-acl) to apply. Must be set if `roleEntity` is not.
     */
    predefinedAcl?: pulumi.Input<string>;
    /**
     * List of role/entity pairs in the form `ROLE:entity`. See [GCS Object ACL documentation](https://cloud.google.com/storage/docs/json_api/v1/objectAccessControls) for more details.
     * Must be set if `predefinedAcl` is not.
     */
    roleEntities?: pulumi.Input<pulumi.Input<string>[]>;
}